[nrf noup] Constant size for psa_core_key_attributes_t struct

mswarowsky · nordicjm · commit 89419b374d17 · 2022-11-14T10:16:09.000Z
-There is an inconsistency between PSA Crypto API specification in
 Mbed TLS and in the interface exposed by TF-M for key representation
 where an additional type has been added to hold information about owner.
 This functionality is controlled by setting the configuration
 MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER which configures the type
 Mbed TLS internal type mbedtls_svc_key_id_t to a structure type of two
 words and not as a single word compatible with the PSA Crypto API
 type psk_key_id_t.

 This commit adds a reserved word in psa_core_key_attributes_t after
 the instance of mbedtls_svc_key_id_t to ensure that this structure
 is binary compatible with PSA Crypto drivers that are built with
 MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER.

 This is a [noup] commit as this problem for our pre-built PSA
 crypto drivers which is required to be compiled with the configuration
 MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER enabled to ensure support
 with and without TF-M using the same library.

ref: NCSDK-17464

Signed-off-by: Markus Swarowsky &lt;markus.swarowsky@nordicsemi.no&gt;
Signed-off-by: Frank Audun Kvamtrø &lt;frank.kvamtro@nordicsemi.no&gt;
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
@@ -319,20 +319,44 @@ typedef uint16_t psa_key_attributes_flag_t;
 #define MBEDTLS_PSA_KA_MASK_DUAL_USE (          \
         0 )
 
+/* Only used when the key id doesn't encode the owners id, to fill the reserved
+ * field in psa_core_key_attributes_t
+*/
+#define MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT (int32_t) 0
+
 typedef struct
 {
     psa_key_type_t MBEDTLS_PRIVATE(type);
     psa_key_bits_t MBEDTLS_PRIVATE(bits);
     psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
     mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
+/* This ensures that size of struct doesn't change size depending on setting 
+ * MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 
+ */
+#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+    int32_t  MBEDTLS_PRIVATE(reserved);
+#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
     psa_key_policy_t MBEDTLS_PRIVATE(policy);
     psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
 } psa_core_key_attributes_t;
 
+/* 
+ * Changing MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER changes the size 
+ * of psa_core_key_attributes_t, which can lead to incompatibilties.
+ * This provides a compatible version of initialisation.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 #define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0,            \
                                        PSA_KEY_LIFETIME_VOLATILE,       \
                                        MBEDTLS_SVC_KEY_ID_INIT,         \
                                        PSA_KEY_POLICY_INIT, 0 }
+#else
+#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0,                \
+                                       PSA_KEY_LIFETIME_VOLATILE,           \
+                                       MBEDTLS_SVC_KEY_ID_INIT,             \
+                                       MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT, \
+                                       PSA_KEY_POLICY_INIT, 0 }
+#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
 
 struct psa_key_attributes_s
 {
